Security Event 4733 help sentinel Log analytic work space
Hi community experts!
I had trouble with the following issue. we have connected security events via OMS agent to Log analytic workspace. but we found something really interesting.
for security event log 4733, which is a user is removed from the AD, in the event viewer you can see the account name that is being removed! but in the LAW
we can not see the account that is being removed. we belived we have found similar issue.
I have tried in my environment and still see everything. Could you elaborate? What is missing from the event log in Log Analytics Workspace. In my environment I can see details of event 4733.
Sign in to comment